
Please check my log

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

lavega
Visitor
Posts: 63
Registered: 28 Oct 2012 09:07

#1 Post by lavega »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021
Ran by MoniX (administrator) on LAPTOP-RCOAIGT2 (LENOVO 80T3) (24-01-2021 13:05:53)
Running from F:\PROGFILE\1 POMOC
Loaded Profiles: MoniX
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHeciSvc.exe
(LENOVO -> ) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\MoniX\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-12-27] (LENOVO -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [OneLinkManager] => C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe [1083904 2015-05-30] () [File not signed]
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MoniX\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)

________
________
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021
Ran by MoniX (24-01-2021 13:00:22)
Running from F:\PROGFILE\1 POMOC
Windows 10 Pro Version 2004 19041.746 (X64) (2020-10-23 00:07:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2055380405-3380175527-2212886683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2055380405-3380175527-2212886683-503 - Limited - Disabled)
Guest (S-1-5-21-2055380405-3380175527-2212886683-501 - Limited - Disabled)
MoniX (S-1-5-21-2055380405-3380175527-2212886683-1001 - Administrator - Enabled) => C:\Users\MoniX
WDAGUtilityAccount (S-1-5-21-2055380405-3380175527-2212886683-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Auto Mouse Mover v9.1 (HKLM-x32\...\{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1) (Version: 9.1 - MurGee.com)
Castle Attack 2 v1.00 (HKLM-x32\...\Castle Attack 2) (Version: - )
CCSDK Customer Engagement Service (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.3.0.3 - Lenovo)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1326.26 - Sonix)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
Free ZIP File Opener (HKLM-x32\...\{00A882CD-7E60-4A01-BCEC-AB71D21F4D53}) (Version: 1.0.1 - Powerful Utilities)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft 365 -sovellukset yrityksille - fi-fi (HKLM\...\O365BusinessRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office 2016 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - fi-fi (HKLM\...\HomeStudentRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
OpenVPN Connect (HKLM-x32\...\{8B4BC420-3DCB-4018-A345-B24F7DBC30C3}) (Version: 2.6.0.100 - OpenVPN Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{4151AAE1-FD6C-4D49-BA0F-79212F960797}) (Version: 4.5.510.0 - Synaptics)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
ThinkPad OneLink Plus Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.10.10 - Lenovo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WiFi Password Revealer (HKLM-x32\...\WiFi Password Revealer_is1) (Version: 1.0.0.7 - Magical Jelly Bean)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-11] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.185.400.0_x86__kgqvnymyfvs32 [2021-01-23] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-18] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-10-12] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2021-01-09] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.3.1.1_x86__h6adky7gbf63m [2021-01-14] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Studios)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MoniX\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxDTCM.dll [2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-24] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\MoniX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-09-16 20:20 - 2017-09-16 20:20 - 000091648 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001016832 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 000046592 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001411072 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000071168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\bz2.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000061952 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000009728 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000039936 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2018-06-08 09:40 - 2018-06-08 09:40 - 000005120 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
2017-09-16 20:20 - 2017-09-16 20:20 - 000144384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000006656 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2017-12-19 17:51 - 2017-12-19 17:51 - 000396288 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom27.dll
2017-12-19 17:50 - 2017-12-19 17:50 - 000109056 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes27.dll
2017-09-16 20:20 - 2017-09-16 20:20 - 000010240 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000026624 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2018-06-08 09:48 - 2018-06-08 09:48 - 000007168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000687104 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000099840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2017-12-19 17:52 - 2017-12-19 17:52 - 000360448 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000017408 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000118784 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000166912 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000023040 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000035840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000016384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000107520 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000041472 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000021504 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000019456 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 002645504 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\PYTHON27.DLL
2020-08-14 08:56 - 2020-05-30 19:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2020-12-21 18:12 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-19 16:27 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 001260544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\LIBEAY32.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?khjfsy
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\sharepoint.com -> hxxps://jonckerstrans-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-03-15 23:14 - 000001029 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.ovpn.jonckers.eu

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MoniX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "OneLinkManager"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "haozipcd"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2FF1A24A-2D25-4F44-8204-3606937260CF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3E798486-17A4-43C2-A9B6-6F50055E05E8}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{662C9395-628E-4417-8CC1-D838A6494EA3}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{58F54A81-C9EC-46BE-807E-905AEF0E4C84}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{95AF8B88-9E47-478C-9EB5-41514279285D}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{8BF91EC4-94E9-40B8-9FDF-AD93E590BD66}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{FC5E69A0-8D97-4FE1-966C-C4FFA720FBD7}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{858D58FE-84C1-4299-B360-A4C016F9F5AF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC035B2D-4E2D-47AD-B58F-A2B597317591}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D2F2C8A-E50C-4B06-AC3A-DD9CA5DD67D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{47FAFF35-3BAC-4DA8-B743-BF44941E7B10}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F12F379-1763-4984-A678-8316D9860E31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{449D5906-0A43-4365-A12E-DEED95D06F9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3271CAF1-708A-4EF1-A9B1-3331961C1257}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21261109-59B7-4CA3-947B-24D5531218B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EEF4FF8-D6B5-4006-B730-C1B8AB8F83F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A0B8A97-768E-4D67-9177-F0534BD0ED37}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2992FF85-F7E6-416B-B25A-49889964B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06BAD01F-AA21-49B0-A8CA-E50C93D0EA32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6D2A3ED-D797-43F8-98A9-8D97E26378A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C0011215-7121-4BBA-A15A-3A3D565ED9DF}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{B17A0903-8693-4A0F-B4BD-22584C25F390}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

14-01-2021 21:26:36 Inštalátor modulov systému Windows
22-01-2021 15:32:47 Scheduled Checkpoint
24-01-2021 12:15:53 Removed McAfee Safe Connect

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/24/2021 12:29:07 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-RCOAIGT2$ via https://INTC-KeyId-5e73c89aa3e902b272b9 ... s/Aik/scep failed:

GetCACaps

Method: GET(6047ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/24/2021 12:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: RecoverKeys.exe, verzia: 0.0.0.0, časová značka: 0x535e2dd2
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.662, časová značka: 0x5f641e44
Kód výnimky: 0xc0000005
Odstup chyby: 0x000489f1
Identifikácia chybujúceho procesu: 0x11bc
Čas spustenia chybujúcej aplikácie: 0x01d6f24343c87488
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Recover Keys\RecoverKeys.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 1cc63297-0ebd-4a6a-a240-2827cfb5aca0
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:22:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: splwow64.exe, verzia: 10.0.19041.746, časová značka: 0xbe227c8d
Názov chybujúceho modulu: iertutil.dll, verzia: 11.0.19041.746, časová značka: 0x5c9bbe7d
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000199d3
Identifikácia chybujúceho procesu: 0x4418
Čas spustenia chybujúcej aplikácie: 0x01d6f2434402f4a8
Cesta chybujúcej aplikácie: C:\Windows\splwow64.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\iertutil.dll
Identifikácia hlásenia: efc0c453-824f-4293-a53a-ddc54b1cc8d1
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: RecoverKeys.exe, verzia: 0.0.0.0, časová značka: 0x535e2dd2
Názov chybujúceho modulu: DevDispItemProvider.dll, verzia: 10.0.19041.546, časová značka: 0x3fccdeb3
Kód výnimky: 0xc0000005
Odstup chyby: 0x000093b2
Identifikácia chybujúceho procesu: 0xf18
Čas spustenia chybujúcej aplikácie: 0x01d6f242d4cddcf1
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Recover Keys\RecoverKeys.exe
Cesta chybujúceho modulu: C:\Windows\System32\DevDispItemProvider.dll
Identifikácia hlásenia: b32c77e2-044c-4b77-a9c2-ca35504a0e55
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:19:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: splwow64.exe, verzia: 10.0.19041.746, časová značka: 0xbe227c8d
Názov chybujúceho modulu: iertutil.dll, verzia: 11.0.19041.746, časová značka: 0x5c9bbe7d
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000199d3
Identifikácia chybujúceho procesu: 0x1a40
Čas spustenia chybujúcej aplikácie: 0x01d6f242d6b745ba
Cesta chybujúcej aplikácie: C:\Windows\splwow64.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\iertutil.dll
Identifikácia hlásenia: 31a1f7dc-9acf-43b3-a968-7c7ecaa3489b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/24/2021 12:15:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/24/2021 12:15:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/24/2021 12:15:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (01/24/2021 12:34:18 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume93

Error: (01/24/2021 12:29:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Presentation Foundation Font Cache 3.0.0.0 zlyhalo kvôli nasledujúcej chybe:
The service did not respond to the start or control request in a timely fashion.

Error: (01/24/2021 12:29:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Windows Presentation Foundation Font Cache 3.0.0.0 bol dosiahnutý časový limit (30000 ms).

Error: (01/24/2021 11:22:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby BFE bol dosiahnutý časový limit (30000 ms).

Error: (01/24/2021 11:21:58 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume93

Error: (01/24/2021 11:21:46 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.4 with the system
having network hardware address 18-F0-E4-FA-50-B3. Network operations on this system may
be disrupted as a result.

Error: (01/23/2021 01:56:05 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume83

Error: (01/21/2021 03:22:19 PM) (Source: DCOM) (EventID: 10029) (User: LAPTOP-RCOAIGT2)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.


Windows Defender:
===================================
Date: 2021-01-12 22:18:11.3550000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {87A89A29-A0DB-4B0B-8EA2-C8601FBAEC4B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-10 20:14:48.8460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {8D038AEA-2FDC-4C59-BA07-818C14FED8B5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 00:30:14.9530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FDC37265-8C99-4F4F-8FDA-9ACE8F29A49A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 23:55:34.7470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F7F744FF-8972-436C-B6EC-EFCC5A4168A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-30 23:41:42.3870000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {365BF01B-0A0F-4C03-914E-C574759ABABB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 23:44:35.2670000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2185.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2021-01-12 21:33:49.2170000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-01-12 21:33:48.8460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:12:21.2650000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:06:20.6640000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070050
Error description: The file exists.

CodeIntegrity:
===================================

Date: 2021-01-24 11:41:25.1790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:41:24.1390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:24:05.0390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:56.9460000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:29.9790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9480000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9330000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 2WCN33WW 10/18/2017
Motherboard: LENOVO
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 88%
Total physical RAM: 3990.85 MB
Available physical RAM: 476.61 MB
Total Virtual: 7190.85 MB
Available Virtual: 2707.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:892.22 GB) (Free:783.51 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.9 GB) NTFS
Drive f: (MATRIX) (Removable) (Total:117.14 GB) (Free:7.43 GB) exFAT

\\?\Volume{79f63d4e-622b-450a-abc2-5f30a885b961}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
\\?\Volume{26c05541-e5be-4d3d-99d5-94204b82d63f}\ (LENOVO_PART) (Fixed) (Total:12.07 GB) (Free:1.82 GB) NTFS
\\?\Volume{96bb8403-3b71-49f1-8e28-36fdbc424ff8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C1CF027A)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 117.2 GB) (Disk ID: EF031357)
Partition 1: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

lavega
Visitor
Posts: 63
Registered: 28 Oct 2012 09:07

Re: Please check my log

#3 Post by lavega »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-24-2021
# Duration: 00:00:45
# OS: Windows 10 Pro
# Scanned: 31956
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoCCSDK Folder C:\Program Files (x86)\LENOVO\CCSDK
Preinstalled.LenovoCCSDK Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{67827BB6-4B05-6181-921A-E49FC484E859}
Preinstalled.LenovoCCSDK Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\MoniX\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoUtility Folder C:\Program Files\LENOVO\LENOVOUTILITY
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoUtility
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility
Preinstalled.LenovoUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}
Preinstalled.LenovoUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#4 Post by Diallix »

Please post new FRST + ADDITION logs.

lavega
Visitor
Posts: 63
Registered: 28 Oct 2012 09:07

Re: Please check my log

#5 Post by lavega »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021
Ran by MoniX (administrator) on LAPTOP-RCOAIGT2 (LENOVO 80T3) (24-01-2021 14:07:50)
Running from F:\PROGFILE\1 POMOC\FRST
Loaded Profiles: MoniX
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\MoniX\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [OneLinkManager] => C:\Program Files (x86)\Lenovo\OneLink Plus Dock\onelinkpromgn.exe [1083904 2015-05-30] () [File not signed]
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MoniX\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {213D2771-F41E-4818-BF0D-06AE3EA0E476} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24A612BB-A09E-44DC-8B01-7BDECE162F08} - \Lenovo\ImController\TimeBasedEvents\db81d42a-de58-4bc2-987c-a92249b056f2 -> No File <==== ATTENTION
Task: {3338685D-BD43-4E24-B98A-FD7A80266BD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {3356D2D6-2241-40E7-B63B-ECC5F13B0B02} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {563A0E1B-050B-4177-BA36-46EAB9040AFB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B378C92-9CC5-45E6-91A2-02AC2872A8D0} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {5BA12115-C87D-4828-9B8B-BA085F470751} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C5DD3D9-0DEC-4284-B703-DC2E858D5721} - \Lenovo\ImController\TimeBasedEvents\68bda5d2-b66d-4ecc-820f-f7069c3708ef -> No File <==== ATTENTION
Task: {7E1527E7-31A9-416E-8958-2044A68D328B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {7E15F5EE-4890-4ABF-8312-5B4B886A4007} - \Lenovo\ImController\TimeBasedEvents\5fecf72c-5820-43d8-af58-0076a8de13d7 -> No File <==== ATTENTION
Task: {8C081069-B500-4EB1-8CB5-0E1B97C20676} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {8ED3F3C6-057B-4EBF-BDEC-C0E2203E999B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9370EE2F-B46D-4474-9BE9-64026C8B1C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {98BD469D-1B24-46C4-B0D5-221C6FB5B66E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1161112 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FEEE4FF-D186-48A8-B58E-4B4ADF72CAE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AE6628E8-24BD-43DB-8BAE-F1504C310435} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {B1E4752C-E38F-45EE-85E7-E13021BC80CB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAC5427D-2863-4E8A-8FE7-942CD4A3D06C} - \Lenovo\ImController\TimeBasedEvents\4dbe5eb3-ba31-4140-9dc3-62dcb3e366be -> No File <==== ATTENTION
Task: {D452A145-146B-4807-AB9F-5D1844EBF4A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D86B8310-E46B-4896-8308-9894F9F1CA7E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
Task: {D8D8AC1E-ACB0-4B29-9723-9DD6C638005F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {EDE6FED2-7B13-4869-89AF-B760967D3FF0} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {FF82A818-9B28-4E00-8AD3-9B7234BE956D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0221f867-3f1e-464b-9c8b-9ee5ff4aa8f3}: [DhcpNameServer] 147.251.210.1
Tcpip\..\Interfaces\{79a0a509-2cbc-4328-bd1a-4af91d41094c}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\MoniX\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-16]

FireFox:
========
FF DefaultProfile: r12vxv9i.default
FF ProfilePath: C:\Users\MoniX\AppData\Roaming\Mozilla\Firefox\Profiles\r12vxv9i.default [2021-01-24]
FF Notifications: Mozilla\Firefox\Profiles\r12vxv9i.default -> hxxps://www.facebook.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2018-01-01] (Adobe Systems Incorporated -> )
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2018-01-01] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default [2021-01-24]
CHR Notifications: Default -> hxxps://www.esky.sk; hxxps://www.facebook.com; hxxps://www.kiwi.com; hxxps://www.netflix.com
CHR Extension: (Slides) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21]
CHR Extension: (Docs) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21]
CHR Extension: (Google Drive) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-21]
CHR Extension: (Adobe Acrobat) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-17]
CHR Extension: (Sheets) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-16]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Gmail) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\MoniX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960904 2021-01-03] (Microsoft Corporation -> Microsoft Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] (Dolby Laboratories, Inc. -> )
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-23] (LENOVO -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe [18360 2020-07-09] (Lenovo -> Lenovo Group Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc. -> McAfee, Inc.)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [23552 2018-06-08] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2021-01-24] (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snp2uvcW10.sys [1708640 2017-01-19] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 13:41 - 2021-01-24 13:43 - 000000000 ____D C:\AdwCleaner
2021-01-24 12:50 - 2021-01-24 14:09 - 000000000 ____D C:\FRST
2021-01-24 12:50 - 2021-01-24 12:50 - 000000000 ____D C:\Users\MoniX\AppData\Local\mbam
2021-01-24 12:49 - 2021-01-24 12:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-24 12:23 - 2021-01-24 12:23 - 000013551 _____ C:\Users\MoniX\Desktop\LAPTOP-RCOAIGT2.xls
2021-01-24 12:20 - 2021-01-24 12:20 - 000001288 _____ C:\Users\MoniX\Desktop\LAPTOP-RCOAIGT2.txt
2021-01-24 12:13 - 2021-01-24 12:40 - 000000000 ____D C:\PROG FILE
2021-01-24 11:54 - 2021-01-24 12:12 - 000000000 ____D C:\Users\MoniX\AppData\Roaming\Geek Uninstaller
2021-01-17 12:32 - 2021-01-24 13:18 - 000000000 ____D C:\Users\MoniX\AppData\Local\CrashDumps
2021-01-16 14:02 - 2021-01-16 14:02 - 000000440 _____ C:\Users\MoniX\Desktop\Tento počítač - odkaz.lnk
2021-01-16 13:47 - 2021-01-16 14:05 - 000000000 ____D C:\Users\MoniX\Documents\KNIHY
2021-01-16 13:33 - 2021-01-22 17:20 - 000000000 ____D C:\Users\MoniX\Downloads\Install_SW
2021-01-16 13:10 - 2021-01-16 13:10 - 000000000 ____D C:\Users\MoniX\AppData\Roaming\Spotify
2021-01-16 12:41 - 2021-01-24 12:27 - 000000000 ____D C:\ProgramData\Avast Software
2021-01-16 11:58 - 2021-01-24 12:32 - 000092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2021-01-14 23:50 - 2021-01-14 23:50 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-14 23:50 - 2021-01-14 23:50 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-14 23:50 - 2021-01-14 23:50 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-14 23:49 - 2021-01-14 23:49 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-14 23:49 - 2021-01-14 23:49 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-14 23:49 - 2021-01-14 23:49 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-14 23:49 - 2021-01-14 23:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-14 23:48 - 2021-01-14 23:48 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-14 23:48 - 2021-01-14 23:48 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-14 23:48 - 2021-01-14 23:48 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-14 23:48 - 2021-01-14 23:48 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-14 23:48 - 2021-01-14 23:48 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-14 23:48 - 2021-01-14 23:48 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-14 23:47 - 2021-01-14 23:47 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-14 23:46 - 2021-01-14 23:46 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-14 23:46 - 2021-01-14 23:46 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-14 23:46 - 2021-01-14 23:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-14 23:46 - 2021-01-14 23:46 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-14 23:45 - 2021-01-14 23:45 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-14 23:45 - 2021-01-14 23:45 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-14 23:44 - 2021-01-14 23:44 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-14 23:44 - 2021-01-14 23:44 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-14 23:43 - 2021-01-14 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-14 23:43 - 2021-01-14 23:43 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-14 23:42 - 2021-01-14 23:42 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-14 23:42 - 2021-01-14 23:42 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-14 23:41 - 2021-01-14 23:41 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-14 22:26 - 2021-01-14 22:26 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-14 22:24 - 2021-01-14 22:24 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-14 22:23 - 2021-01-14 22:23 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-14 22:23 - 2021-01-14 22:23 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-14 22:23 - 2021-01-14 22:23 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-14 22:23 - 2021-01-14 22:23 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-14 22:22 - 2021-01-14 22:22 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-14 22:22 - 2021-01-14 22:22 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-14 22:21 - 2021-01-14 22:21 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-14 22:20 - 2021-01-14 22:20 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-14 22:20 - 2021-01-14 22:20 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 22:20 - 2021-01-14 22:20 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-14 22:20 - 2021-01-14 22:20 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-14 22:20 - 2021-01-14 22:20 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-24 13:53 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-24 13:53 - 2017-10-12 15:34 - 000000000 __SHD C:\Users\MoniX\IntelGraphicsProfiles
2021-01-24 13:52 - 2020-10-23 01:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 13:52 - 2020-10-23 00:27 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 13:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-24 13:52 - 2017-10-12 19:04 - 000000000 ____D C:\ProgramData\Synaptics
2021-01-24 13:51 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-24 13:49 - 2020-10-23 01:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-01-24 13:49 - 2020-03-15 16:56 - 000000000 ____D C:\WINDOWS\Lenovo
2021-01-24 13:49 - 2017-10-18 18:33 - 000000000 ____D C:\Users\MoniX\AppData\Local\Lenovo
2021-01-24 13:49 - 2016-12-27 17:03 - 000000000 ____D C:\Program Files\Lenovo
2021-01-24 13:49 - 2016-12-27 17:03 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-01-24 13:38 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-24 12:34 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-24 12:29 - 2020-10-23 00:39 - 000000000 ____D C:\Users\MoniX
2021-01-24 12:12 - 2016-12-27 16:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-01-24 12:07 - 2018-01-30 08:41 - 000000000 ____D C:\Users\MoniX\AppData\Roaming\CyberLink
2021-01-24 12:07 - 2016-12-27 16:50 - 000000000 ____D C:\ProgramData\Temp
2021-01-24 12:07 - 2016-12-27 16:50 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2021-01-24 12:07 - 2016-12-27 16:50 - 000000000 ____D C:\ProgramData\CyberLink
2021-01-24 12:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-24 12:01 - 2017-10-22 12:56 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-24 11:25 - 2020-10-05 17:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 11:21 - 2020-10-23 00:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-23 14:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-22 17:20 - 2020-10-23 19:25 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a8cdf160c804
2021-01-22 17:20 - 2020-10-23 01:06 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-01-22 17:20 - 2020-10-23 01:06 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-22 17:20 - 2020-10-23 01:06 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-22 17:20 - 2020-10-23 01:06 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-22 17:20 - 2020-10-23 01:06 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-22 17:20 - 2020-10-23 01:06 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-22 17:20 - 2020-10-23 01:06 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2055380405-3380175527-2212886683-1001
2021-01-22 17:20 - 2020-10-23 01:06 - 000002476 _____ C:\WINDOWS\system32\Tasks\CLMLSvc_P2G8
2021-01-22 11:12 - 2020-06-20 10:39 - 000002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-22 11:12 - 2020-06-20 10:39 - 000002272 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-22 11:12 - 2020-06-20 10:39 - 000002272 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-18 10:19 - 2020-10-23 00:52 - 001836076 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-18 10:19 - 2020-10-23 00:36 - 000707688 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-18 10:19 - 2020-10-23 00:36 - 000145036 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-18 10:19 - 2019-08-30 01:08 - 000132210 _____ C:\WINDOWS\system32\perfh01B.dat
2021-01-18 10:19 - 2019-08-30 01:08 - 000028230 _____ C:\WINDOWS\system32\perfc01B.dat
2021-01-18 10:11 - 2020-10-23 00:28 - 000436096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-18 10:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-18 10:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-18 10:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-18 10:04 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-18 10:04 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-18 10:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-18 10:03 - 2019-12-07 15:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-18 10:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-17 14:49 - 2017-10-12 20:07 - 000000000 ____D C:\Users\MoniX\AppData\Local\GHISLER
2021-01-16 13:58 - 2018-09-03 18:38 - 000000000 ____D C:\Users\MoniX\Documents\My Received Files
2021-01-16 13:53 - 2018-10-21 16:50 - 000000000 ____D C:\Users\MoniX\Desktop\SKOLA
2021-01-16 13:42 - 2017-11-29 00:58 - 000000000 ____D C:\Users\MoniX\AppData\Local\Packages
2021-01-16 12:07 - 2020-09-25 19:20 - 000000000 ___DC C:\WINDOWS\Panther
2021-01-16 11:57 - 2016-12-27 16:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-01-16 11:48 - 2017-10-12 15:35 - 000000000 ____D C:\Users\MoniX\AppData\Local\VirtualStore
2021-01-15 19:14 - 2018-06-16 23:18 - 000000000 ____D C:\Users\MoniX\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 00:05 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-14 22:19 - 2020-10-23 00:33 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 22:38 - 2017-10-15 12:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-12 22:28 - 2017-10-15 12:27 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-11 23:03 - 2017-10-21 18:41 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 19:45 - 2020-08-14 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

==================== Files in the root of some directories ========

2018-01-13 13:09 - 2018-01-13 13:09 - 007649280 _____ () C:\Program Files (x86)\GUT4CBC.tmp
2018-02-17 19:26 - 2018-02-17 19:26 - 000000514 _____ () C:\Users\MoniX\AppData\Roaming\6Free ZIP File Opener

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

---------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021
Ran by MoniX (24-01-2021 14:17:09)
Running from F:\PROGFILE\1 POMOC\FRST
Windows 10 Pro Version 2004 19041.746 (X64) (2020-10-23 00:07:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2055380405-3380175527-2212886683-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2055380405-3380175527-2212886683-503 - Limited - Disabled)
Guest (S-1-5-21-2055380405-3380175527-2212886683-501 - Limited - Disabled)
MoniX (S-1-5-21-2055380405-3380175527-2212886683-1001 - Administrator - Enabled) => C:\Users\MoniX
WDAGUtilityAccount (S-1-5-21-2055380405-3380175527-2212886683-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Auto Mouse Mover v9.1 (HKLM-x32\...\{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1) (Version: 9.1 - MurGee.com)
Castle Attack 2 v1.00 (HKLM-x32\...\Castle Attack 2) (Version: - )
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1326.26 - Sonix)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
Free ZIP File Opener (HKLM-x32\...\{00A882CD-7E60-4A01-BCEC-AB71D21F4D53}) (Version: 1.0.1 - Powerful Utilities)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.3.115.0 - Lenovo Group Ltd.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft 365 -sovellukset yrityksille - fi-fi (HKLM\...\O365BusinessRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office 2016 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - fi-fi (HKLM\...\HomeStudentRetail - fi-fi) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
OpenVPN Connect (HKLM-x32\...\{8B4BC420-3DCB-4018-A345-B24F7DBC30C3}) (Version: 2.6.0.100 - OpenVPN Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{4151AAE1-FD6C-4D49-BA0F-79212F960797}) (Version: 4.5.510.0 - Synaptics)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
ThinkPad OneLink Plus Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.10.10 - Lenovo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WiFi Password Revealer (HKLM-x32\...\WiFi Password Revealer_is1) (Version: 1.0.0.7 - Magical Jelly Bean)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-11] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.185.400.0_x86__kgqvnymyfvs32 [2021-01-23] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-18] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-10-12] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2021-01-09] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-23] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.3.1.1_x86__h6adky7gbf63m [2021-01-14] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Studios)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MoniX\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-29] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_01ee1299f4982efe\igfxDTCM.dll [2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\MoniX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-09-16 20:20 - 2017-09-16 20:20 - 000091648 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001016832 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 000046592 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2017-09-16 20:21 - 2017-09-16 20:21 - 001411072 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000071168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\bz2.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000061952 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000009728 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000039936 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000144384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000006656 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2017-12-19 17:51 - 2017-12-19 17:51 - 000396288 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom27.dll
2017-12-19 17:50 - 2017-12-19 17:50 - 000109056 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes27.dll
2017-09-16 20:20 - 2017-09-16 20:20 - 000010240 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000026624 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2018-06-08 09:48 - 2018-06-08 09:48 - 000007168 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 000687104 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000099840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2017-12-19 17:52 - 2017-12-19 17:52 - 000360448 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000017408 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000118784 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000023040 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000035840 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000016384 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000107520 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000041472 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2017-12-19 17:50 - 2017-12-19 17:50 - 000021504 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2018-06-08 09:47 - 2018-06-08 09:47 - 000019456 _____ () [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2017-09-16 20:20 - 2017-09-16 20:20 - 002645504 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\PYTHON27.DLL
2020-08-14 08:56 - 2020-05-30 19:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\x64\SQLite.Interop.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 001260544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\LIBEAY32.dll
2018-06-08 09:46 - 2018-06-08 09:46 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\sharepoint.com -> hxxps://jonckerstrans-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-03-15 23:14 - 000001029 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.ovpn.jonckers.eu

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MoniX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "OneLinkManager"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "haozipcd"
HKU\S-1-5-21-2055380405-3380175527-2212886683-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2FF1A24A-2D25-4F44-8204-3606937260CF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3E798486-17A4-43C2-A9B6-6F50055E05E8}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{662C9395-628E-4417-8CC1-D838A6494EA3}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{58F54A81-C9EC-46BE-807E-905AEF0E4C84}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{95AF8B88-9E47-478C-9EB5-41514279285D}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{8BF91EC4-94E9-40B8-9FDF-AD93E590BD66}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{FC5E69A0-8D97-4FE1-966C-C4FFA720FBD7}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{858D58FE-84C1-4299-B360-A4C016F9F5AF}C:\users\monix\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\monix\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC035B2D-4E2D-47AD-B58F-A2B597317591}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D2F2C8A-E50C-4B06-AC3A-DD9CA5DD67D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{47FAFF35-3BAC-4DA8-B743-BF44941E7B10}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F12F379-1763-4984-A678-8316D9860E31}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{449D5906-0A43-4365-A12E-DEED95D06F9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3271CAF1-708A-4EF1-A9B1-3331961C1257}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21261109-59B7-4CA3-947B-24D5531218B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EEF4FF8-D6B5-4006-B730-C1B8AB8F83F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A0B8A97-768E-4D67-9177-F0534BD0ED37}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2992FF85-F7E6-416B-B25A-49889964B971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06BAD01F-AA21-49B0-A8CA-E50C93D0EA32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6D2A3ED-D797-43F8-98A9-8D97E26378A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C0011215-7121-4BBA-A15A-3A3D565ED9DF}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{B17A0903-8693-4A0F-B4BD-22584C25F390}C:\users\monix\downloads\install_sw\anydesk.exe] => (Allow) C:\users\monix\downloads\install_sw\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

14-01-2021 21:26:36 Inštalátor modulov systému Windows
22-01-2021 15:32:47 Scheduled Checkpoint
24-01-2021 12:15:53 Removed McAfee Safe Connect
24-01-2021 13:47:11 AdwCleaner_BeforeCleaning_24/01/2021_13:47:05

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/24/2021 01:53:27 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\LAPTOP-RCOAIGT2$ via https://INTC-KeyId-5e73c89aa3e902b272b9 ... s/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request: 0x80070057."}
HTTP/1.1 400 Bad Request
Date: Sun, 24 Jan 2021 12:53:27 GMT
Content-Length: 86
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bbeb7403-a346-4041-af8c-fc16510faf63

Method: POST(6844ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (01/24/2021 01:46:07 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:46:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:47 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (01/24/2021 01:45:37 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.


System errors:
=============
Error: (01/24/2021 02:07:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:55:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby CCSDK zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:53:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:53:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/24/2021 01:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Presentation Foundation Font Cache 3.0.0.0 zlyhalo kvôli nasledujúcej chybe:
The service did not respond to the start or control request in a timely fashion.

Error: (01/24/2021 01:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Windows Presentation Foundation Font Cache 3.0.0.0 bol dosiahnutý časový limit (30000 ms).

Error: (01/24/2021 01:52:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2021-01-12 22:18:11.3550000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {87A89A29-A0DB-4B0B-8EA2-C8601FBAEC4B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-10 20:14:48.8460000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {8D038AEA-2FDC-4C59-BA07-818C14FED8B5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-08 00:30:14.9530000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FDC37265-8C99-4F4F-8FDA-9ACE8F29A49A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-04 23:55:34.7470000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F7F744FF-8972-436C-B6EC-EFCC5A4168A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-30 23:41:42.3870000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {365BF01B-0A0F-4C03-914E-C574759ABABB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-15 23:44:35.2670000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2185.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

Date: 2021-01-12 21:33:49.2170000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-01-12 21:33:48.8460000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2042.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:12:21.2650000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-12-27 10:06:20.6640000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070050
Error description: The file exists.

CodeIntegrity:
===================================

Date: 2021-01-24 11:41:25.1790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:41:24.1390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:24:05.0390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:56.9460000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-24 11:22:29.9790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9480000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-01-24 11:22:29.9330000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 2WCN33WW 10/18/2017
Motherboard: LENOVO
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 80%
Total physical RAM: 3990.85 MB
Available physical RAM: 764.52 MB
Total Virtual: 7190.85 MB
Available Virtual: 3231.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:892.22 GB) (Free:783.23 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.9 GB) NTFS
Drive f: (MATRIX) (Removable) (Total:117.14 GB) (Free:7.41 GB) exFAT

\\?\Volume{79f63d4e-622b-450a-abc2-5f30a885b961}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.51 GB) NTFS
\\?\Volume{26c05541-e5be-4d3d-99d5-94204b82d63f}\ (LENOVO_PART) (Fixed) (Total:12.07 GB) (Free:1.82 GB) NTFS
\\?\Volume{96bb8403-3b71-49f1-8e28-36fdbc424ff8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C1CF027A)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 117.2 GB) (Disk ID: EF031357)
Partition 1: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#6 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {24A612BB-A09E-44DC-8B01-7BDECE162F08} - \Lenovo\ImController\TimeBasedEvents\db81d42a-de58-4bc2-987c-a92249b056f2 -> No File <==== ATTENTION
Task: {3338685D-BD43-4E24-B98A-FD7A80266BD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {3356D2D6-2241-40E7-B63B-ECC5F13B0B02} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {563A0E1B-050B-4177-BA36-46EAB9040AFB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B378C92-9CC5-45E6-91A2-02AC2872A8D0} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {6C5DD3D9-0DEC-4284-B703-DC2E858D5721} - \Lenovo\ImController\TimeBasedEvents\68bda5d2-b66d-4ecc-820f-f7069c3708ef -> No File <==== ATTENTION
Task: {7E1527E7-31A9-416E-8958-2044A68D328B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-21] (Google Inc -> Google Inc.)
Task: {7E15F5EE-4890-4ABF-8312-5B4B886A4007} - \Lenovo\ImController\TimeBasedEvents\5fecf72c-5820-43d8-af58-0076a8de13d7 -> No File <==== ATTENTION
Task: {BAC5427D-2863-4E8A-8FE7-942CD4A3D06C} - \Lenovo\ImController\TimeBasedEvents\4dbe5eb3-ba31-4140-9dc3-62dcb3e366be -> No File <==== ATTENTION
Task: {EDE6FED2-7B13-4869-89AF-B760967D3FF0} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
FirewallRules: [UDP Query User{662C9395-628E-4417-8CC1-D838A6494EA3}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{58F54A81-C9EC-46BE-807E-905AEF0E4C84}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{95AF8B88-9E47-478C-9EB5-41514279285D}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{8BF91EC4-94E9-40B8-9FDF-AD93E590BD66}C:\users\monix\downloads\anydesk.exe] => (Allow) C:\users\monix\downloads\anydesk.exe => No File

EmptyTemp:
Hosts:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit


Re: Please check the log

#7 Post by Diallix »

Topic inactive, locking.